[ale] testing firegpg with mailman

Jeremy T. Bouse jeremy.bouse at undergrid.net
Sun Nov 29 10:47:18 EST 2009


Jim Kinney wrote:
> OK all. Michael sent this email to the group with a valid signature
> attached. It went through mailman and is valid as per FireGPG on my
> fedora12/Firefox 3.5.5 system.
> 
> Did anyone get this with a bad signature? Please indicate whether your
> mailreader is Gmail/FireGPG, evolution, thunderbird/enigmail, mutt
> w/gpg, etc.
> 
	The problem hasn't been with FireGPG being able to validate
signatures... It's been validating signatures *sent* using FireGPG that
go through the ALE mailman instance...

	So long as the message is signed using anything *except* FireGPG
mailman is not mangling it and the signatures are then verified. Somehow
 FireGPG is handling the issue the signatures still appear valid, I can
only suppose it's noticing the MIME content headers have been reformated
and formats them back before verifing.

> On Sat, Nov 28, 2009 at 3:18 PM, Michael H. Warfield <mhw at wittsend.com
> <mailto:mhw at wittsend.com>> wrote:
> 
>     Jim,
> 
>     On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
>     > OK. So Mailman is (maybe) munging the gpg signature. Fixing that will
>     > be a challenge if it's caused by signing the wrong sections of the
>     > message body.
> 
>     Something is not right here.  I run a mailman site supporting several
>     dozen lists and multiple domains (IT-ISAC, ISAC Council, +++) and I
>     don't see this problem.  We use gpg/pgp all the time on those lists.
>     Furthermore, my own signatures through the ALE list seem to be coming
>     through fine.
> 
>     Couple of years ago, I did run into a problem with MailScanner which
>     Julian and I took a few days to shoot.  In that case, MailScanner was
>     unpacking the mime and then repacking it (quoted printable in that case,
>     I believe).  While the contents of the attachments remained unaltered,
>     the encoding encapsulation changed (Mime is ambiguous on several points
>     and something time MailTools or MimeTools will pack something
>     differently than will Evolution or Thunderbird).  We had to stipulate
>     something in MailScanner where the message was passed unmolested if
>     nothing was found untoward in it, rather than repacking it and sending
>     it on.
> 
>     There are a couple of MailScanner Mime settings that could impact this
>     but I seriously doubt it.
> 
>     Try this for a test.  Send a message back to me and to the list.  Just a
>     Reply-All should do just fine.  I can do a byte for bye, attachment for
>     attachment comparison.  Make SURE <mhw at wittsend.com
>     <mailto:mhw at wittsend.com>> is on the cc list,
>     so I get a direct copy.  You should be able to verify my signatures on
>     this message the same way.  Compare the results from the ALE relay to
>     the direct message.
> 
>     Regards,
>     Mike
> 
>     > What is needed now is to test a gpg signature sent from a plain text
>     > (NOT from firegpg) email through mailman. It needs to be tested
>     > through both firegpg and regular text email (anyone got a quick link
>     > to gpg with mutt?).
>     >
>     > I sent myself a test message from firegpg to myself and NOT through
>     > mailman. firgpg then reported it as a good signature. That leads me to
>     > think the issue _is_ with mailman.
>     >
>     > oh joy. criticizing a gnu codebase ....
>     >
>     > On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse
>     > <jeremy.bouse at undergrid.net <mailto:jeremy.bouse at undergrid.net>>
>     wrote:
>     >         jim.kinney at gmail.com <mailto:jim.kinney at gmail.com> wrote:
>     >
>     >         > This is a simple test of firegpg running on Fedora
>     >         12/Firefox 3.5.5
>     >         >
>     >         > Please reply with good or bad signature status.
>     >         >
>     >
>     >
>     >         gpg command line and output:
>     >         /usr/bin/gpg
>     >         gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST using RSA
>     >         key ID
>     >         6A87D3C5
>     >         gpg: BAD signature from "James P. Kinney III (Physicist,
>     >         Brewer, Dad)
>     >         <jimkinney at gmail.com <mailto:jimkinney at gmail.com>>"
>     >
>     > --
>     > James P. Kinney III
>     > Actively in pursuit of Life, Liberty and Happiness
>     >
>     --
>     Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>       /\/\|=mhw=|\/\/          | (678) 463-0932 |
>      http://www.wittsend.com/mhw/
>       NIC whois: MHW9          | An optimist believes we live in the
>     best of all
>      PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure
>     of it!
> 
> -- 
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness        


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20091129/1c89cadf/attachment.bin 


More information about the Ale mailing list